[Std1363] defines "forward secrecy" as the property that:

        "... prevents a passive opponent who merely recorded past communications
        encrypted with the shared secret keys from decrypting them some time in the
        future by compromising the parties' cryptographic state."

To support its definition of "two party forward secrecy", [Std1363] cites [Gun90]
and [DOW92], the latter of which used (or introduced?) the modifier "perfect".

Anonymous asks:
> Can someone better explain how the "forward security" found in 
> EKE/DH-EKE/SPEKE works?

In the context of password-based key agreement schemes, the term "perfect
forward secrecy" was used in [Jab96] to refer to the integrity of prior recorded
communications in the face of a disclosure of the password.  This fits (at least)
the Std1363 definition, as the password is part of the parties' cryptographic
state.

Anonymous asks:
> Is it the same for each EKE variant, or does it 
> work differently for each?

The same basic [perfect] forward secrecy property is provided in each of
these schemes, as well as several others.


At 08:10 PM 11/18/01 -0800, Paul Krumviede wrote:
>--On Sunday, 18 November, 2001 12:30 -0800 AARG!Anonymous <[EMAIL PROTECTED]> wrote:
>
>>Hi All,
>>
>>I have recently been reading about password-based authentication schemes,
>>especially EKE and its variants.  The papers I've read on EKE, DH-EKE,
>>and  SPEKE all refer to their "perfect forward security," though I have
>>been  unable to find a formal definition of this property, or any
>>detailed  explanation of what this really means.
>
>rfc 2828 has a discussion of this, but mentions that "this is to be a muddled
>area."

Unfortunately, RFC2828 itself may be seen as a good source of the muddle
regarding the term, in its yet-another-definition of "public-key forward secrecy".


References

[DOW92]  W. Diffie, P. C. van Oorschot and M. J. Wiener, "Authentication and 
authenticated key exchanges," Designs, Codes and Cryptography 2 (1992), pp. 107-125.

[Gun90]  C. G. Gunther, "An identity-based key-exchange protocol," J.-J. Quisquater 
and J. Vandewalle, editors, Advances in Cryptology - EUROCRYPT '89, Lecture Notes in 
Computer Science 434 (1990), Springer-Verlag, pp. 29-37.

[Jab96]  D. Jablon, "Strong Password-Only Authenticated Key Exchange", Computer 
Communication Review, ACM SIGCOMM, vol. 26, no. 5, pp. 5-26, October 1996.
 
[Std1363]  IEEE Std 1363-2000, Standard Specifications for Public Key Cryptography, 
IEEE, August 2000, buried in annex D.5.1.7.
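
Added example, not part of the original message or of any cited paper: a simplified SPEKE-style exchange next to a scheme that derives its key from the password and public nonces, showing what a recorded transcript plus a later-disclosed password does and does not yield. The function names, the SHA-256 key derivation and the use of the RFC 2409 Oakley Group 1 prime are assumptions made for this sketch.

```python
import hashlib
import secrets

# 768-bit safe prime of RFC 2409 Oakley Group 1; small by current standards, demo only.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)

def kdf(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts (hypothetical KDF for this sketch)."""
    m = hashlib.sha256()
    for part in parts:
        m.update(len(part).to_bytes(4, "big") + part)
    return m.digest()

def to_bytes(n: int) -> bytes:
    return n.to_bytes(96, "big")

def speke_generator(password: bytes) -> int:
    # SPEKE-style generator: square the hashed password into the order-q subgroup.
    return pow(int.from_bytes(kdf(password), "big"), 2, P)

def speke_session(password: bytes):
    """Run both sides; return (recorded transcript, session key)."""
    g = speke_generator(password)
    a, b = secrets.randbits(256) + 2, secrets.randbits(256) + 2  # ephemeral secrets
    qa, qb = pow(g, a, P), pow(g, b, P)          # the only values on the wire
    key = kdf(to_bytes(pow(qb, a, P)))           # Alice's view
    assert key == kdf(to_bytes(pow(qa, b, P)))   # Bob derives the same key
    return (qa, qb), key                         # a and b are discarded here

def speke_replay(transcript, leaked_password: bytes) -> bytes:
    """The leaked password only yields g; the old key needs a or b, which are gone."""
    _, qb = transcript
    x = secrets.randbits(256) + 2                # a fresh exponent is not the old one
    return kdf(to_bytes(pow(qb, x, P)))          # a new key, not the recorded session's

def naive_session(password: bytes):
    """Contrast: key derived from the password and public nonces only."""
    na, nb = secrets.token_bytes(16), secrets.token_bytes(16)
    return (na, nb), kdf(password, na, nb)

def naive_recover(transcript, leaked_password: bytes) -> bytes:
    # Password + recorded nonces reproduce the old key: no forward secrecy.
    return kdf(leaked_password, *transcript)
```

Recovering the SPEKE session key from the recorded values and the password alone is the Diffie-Hellman problem in the group; the sketch omits the key-confirmation and public-value validation steps a real implementation needs.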




